[Bug 769318] [NEW] admindb should have 'logout' function

Tokio Kikuchi tkikuchi at is.kochi-u.ac.jp
Sat Apr 23 03:53:31 CEST 2011


*** This bug is a security vulnerability ***

Private security bug reported:

Current 2.1 admindb interface have no link (or button) to logout the administrator/moderator.  An administrator can logout from mailman from admin interface but a moderator cannot logout without zapping the moderator cookie by browser's function (if it is provided) or terminating the browser.  The admindb web page should have a convenient 'logout' link.
Another inconvenience in admin logout funciton is that if the site-wide admin is allowed by mm_cfg.ALLOW_SITE_ADMIN_COOKIES then the administrator cannot logout with visiting the 'Logout' link in the admin page.
These bugs are fixed by lp:~tkikuchi/mailman/logout-enforcement and the branch was requested to merge into 2.1 series.

** Affects: mailman
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Mailman
Coders, which is a direct subscriber.
https://bugs.launchpad.net/bugs/769318

Title:
  admindb should have 'logout' function


More information about the Mailman-coders mailing list